<%@LANGUAGE="JAVASCRIPT" CODEPAGE="1252" %>
<!--#include file="common/connStr-s.asp" -->
<!--#include file="common/Clean-s.asp" -->
<%
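/**
 * Executes one SQL statement against the database named by connStr.
 *
 * cmdStr is sent to the provider verbatim, so this helper offers no protection
 * against SQL injection. Callers must pass only constant SQL text here and
 * bind request-derived values through ADODB.Command parameters instead.
 *
 * @param cmdStr SQL text to execute; any result set is discarded.
 */
function RunCmd(cmdStr) {
	var comObj = Server.CreateObject('ADODB.Command');
	try {
		comObj.ActiveConnection = connStr;
		comObj.CommandText = cmdStr;
		comObj.Execute();
	} finally {
		// Close the connection even when Execute() throws, so a failing
		// statement does not leave the connection open for the rest of the request.
		try {
			comObj.ActiveConnection.Close();
		} catch (closeErr) {
			// Best-effort cleanup: the connection was never opened or is already
			// closed. Swallowing here keeps the original error (if any) visible.
		}
		// "delete" has no effect on a var-declared local; drop the reference instead.
		comObj = null;
	}
}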

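/**
 * Inserts a photo row for the posted "fileName" form field.
 *
 * Returns without touching the database when the cleaned value is falsy
 * (for example on a plain GET, where the form field is absent).
 *
 * The value is bound as a command parameter rather than concatenated into the
 * SQL text. Quote-doubling alone depends on the server's quoting and encoding
 * rules; a bound parameter is never parsed as SQL.
 */
function ProcessForm() {
	var fileName = Clean(Request.Form("fileName"));
	if(!fileName) return;

	// ADO enum values, spelled out because adovbs constants are not included here.
	var AD_CMD_TEXT = 1;      // CommandTypeEnum.adCmdText
	var AD_VAR_WCHAR = 202;   // DataTypeEnum.adVarWChar
	var AD_PARAM_INPUT = 1;   // ParameterDirectionEnum.adParamInput

	var value = String(fileName);

	var cmd = Server.CreateObject("ADODB.Command");
	try {
		cmd.ActiveConnection = connStr;
		cmd.CommandType = AD_CMD_TEXT;
		// NOTE(review): assumes the provider in connStr accepts positional "?"
		// markers (OLE DB / ODBC providers do) — confirm against connStr-s.asp.
		cmd.CommandText = "INSERT INTO dbo.photos (username, fileName) VALUES ('John', ?)";
		// NOTE(review): the column width of dbo.photos.fileName is not visible here;
		// the parameter is sized to the value, so over-long input is rejected by the
		// server rather than by this page. Consider an explicit length check.
		cmd.Parameters.Append(
			cmd.CreateParameter("fileName", AD_VAR_WCHAR, AD_PARAM_INPUT, value.length, value)
		);
		cmd.Execute();
	} finally {
		// Release the connection whether or not the insert succeeded.
		try {
			cmd.ActiveConnection.Close();
		} catch (closeErr) {
			// Best-effort cleanup: connection never opened or already closed.
		}
		cmd = null;
	}
}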

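/**
 * Builds an HTML table listing every row of dbo.photos, newest photoID first.
 *
 * Every column value is passed through Server.HTMLEncode before it is placed
 * in the markup. fileName comes from user-submitted form data, so writing it
 * unencoded would let stored markup or script render in the page.
 *
 * NOTE(review): the page directive declares CODEPAGE="1252" while the <meta>
 * tag declares charset=utf-8; confirm which encoding the response is actually
 * sent in, so that encoded output is interpreted as intended.
 *
 * @return the table markup, or "" when the table has no rows.
 */
function PhotoTableGet() {
	var photoTable = "";

	var rst = Server.CreateObject("ADODB.Recordset");

	// Reads one field of the current row and returns it HTML-encoded.
	// String() keeps the original rendering of non-string values (e.g. numbers).
	function cell(fieldName) {
		return Server.HTMLEncode(String(rst.Fields.Item(fieldName).Value));
	}

	try {
		rst.ActiveConnection = connStr;
		rst.Source = "SELECT photoID, username, fileName FROM dbo.photos ORDER BY photoID DESC";
		rst.CursorType = 0;      // adOpenForwardOnly
		rst.CursorLocation = 2;  // adUseServer
		rst.LockType = 3;        // adLockOptimistic
		rst.Open();

		if(!rst.EOF) {
			photoTable = "<table><tr><th>photoID</th><th>username</th><th>fileName</th></tr>";
			for(; !rst.EOF; rst.MoveNext()) {
				photoTable += "<tr><td>" + cell("photoID") + "</td><td>";
				photoTable += cell("username") + "</td><td>";
				photoTable += cell("fileName") + "</td></tr>";
			}
			photoTable += "</table>";
		}
	} finally {
		// Close only an open recordset (State 0 is adStateClosed); calling Close()
		// on a closed one raises an error that would mask the original failure.
		if(rst.State != 0) {
			rst.Close();
		}
	}

	return photoTable;
}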

// Runs on every request to this page, before any HTML is written.
// ProcessForm() returns without inserting when the cleaned fileName is falsy.
// NOTE(review): the form below carries no anti-forgery token and the insert
// uses the literal username 'John' rather than an authenticated identity;
// confirm that access control and CSRF protection are enforced elsewhere.
ProcessForm();
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Photo Manager</title>
</head>
<body>
<h1>Photo Manager</h1>
<h2>Your Photos</h2>
<div><%= PhotoTableGet() %></div>

<hr />

<form name="photoAdd" method="post" action="default.asp">
<h2>Add More Photos</h2>
<label>File Name</label>
<input type="text" name="fileName" />
<input type="submit" value="Submit" />
</form>
</body>
</html>
